From 6ab652234816be9ea4c59217254c85003b4eddb5 Mon Sep 17 00:00:00 2001 From: Pieter Lexis Date: Tue, 12 Apr 2016 15:41:24 +0200 Subject: [PATCH] dnsdist: Add systemd notify support --- build-scripts/build-dnsdist-rpm | 8 +++++-- build-scripts/debian-dnsdist/control.in | 2 +- build-scripts/debian-dnsdist/dnsdist.service | 4 +++- build-scripts/debian-dnsdist/rules | 9 +++++++- pdns/README-dnsdist.md | 4 ++++ pdns/dnsdist-lua.cc | 11 ++++++++- pdns/dnsdist.cc | 8 +++++++ pdns/dnsdistdist/.gitignore | 1 + pdns/dnsdistdist/Makefile.am | 18 ++++++++++++--- pdns/dnsdistdist/configure.ac | 3 +++ pdns/dnsdistdist/contrib/dnsdist.service | 2 +- pdns/dnsdistdist/dnsdist.service.in | 24 ++++++++++++++++++++ pdns/dnsdistdist/m4/systemd.m4 | 13 +++++++---- 13 files changed, 92 insertions(+), 15 deletions(-) create mode 100644 pdns/dnsdistdist/dnsdist.service.in diff --git a/build-scripts/build-dnsdist-rpm b/build-scripts/build-dnsdist-rpm index 15a59766c8..11b6c494ff 100755 --- a/build-scripts/build-dnsdist-rpm +++ b/build-scripts/build-dnsdist-rpm @@ -40,8 +40,10 @@ SODIUM_CONFIGURE='' # Some RPM platforms use systemd, others sysv, we default to systemd here INIT_BUILDREQUIRES='BuildRequires: systemd' -INIT_INSTALL='install -d -m 755 %{buildroot}/%{_sysconfdir}/systemd/system/ && install -m 664 contrib/dnsdist.service %{buildroot}/%{_sysconfdir}/systemd/system/dnsdist.service' -INIT_FILES='%{_sysconfdir}/systemd/system/dnsdist.service' +#INIT_INSTALL='install -d -m 755 %{buildroot}/lib/systemd/system/ && install -m 664 dnsdist.service %{buildroot}/lib/systemd/system/dnsdist.service' +INIT_INSTALL='' +INIT_FILES='/lib/systemd/system/dnsdist.service' +INIT_CONFIGURE='--enable-systemd --with-systemd=/lib/systemd/system \' # These two are the same for sysv and systemd (we don't install defaults files at the moment) DEFAULTS_INSTALL='' @@ -64,6 +66,7 @@ if [ -f /etc/redhat-release ]; then INIT_BUILDREQUIRES='' INIT_INSTALL='install -d -m 755 %{buildroot}/%{_initrddir} && install -m 755 contrib/dnsdist.init.centos6 %{buildroot}/%{_initrddir}/dnsdist' INIT_FILES='%{_initrddir}/dnsdist' + INIT_CONFIGURE='\' SETUP="%setup -n %{name}-${TARBALLVERSION}" RPMBUILD_COMMAND="scl enable devtoolset-3 -- ${RPMBUILD_COMMAND}" ;; @@ -101,6 +104,7 @@ ${SETUP} %build %configure \ --sysconfdir=/etc/dnsdist \ + ${INIT_CONFIGURE} ${SODIUM_CONFIGURE} make diff --git a/build-scripts/debian-dnsdist/control.in b/build-scripts/debian-dnsdist/control.in index 7eff7391c3..6b11f4ec3b 100644 --- a/build-scripts/debian-dnsdist/control.in +++ b/build-scripts/debian-dnsdist/control.in @@ -3,7 +3,7 @@ Section: net Priority: optional Maintainer: PowerDNS Autobuilder Origin: PowerDNS -Build-Depends: debhelper (>= 9), dh-autoreconf, dh-systemd (>= 1.5), libboost-dev, libedit-dev, liblua5.2-dev, pkg-config @LIBSODIUMDEV@ +Build-Depends: debhelper (>= 9), dh-autoreconf, dh-systemd (>= 1.5), libboost-dev, libedit-dev, liblua5.2-dev, pkg-config @LIBSODIUMDEV@ @LIBSYSTEMDDEV@ Standards-Version: 3.9.7 Homepage: http://dnsdist.org diff --git a/build-scripts/debian-dnsdist/dnsdist.service b/build-scripts/debian-dnsdist/dnsdist.service index 13d7280603..8a265b4b15 100644 --- a/build-scripts/debian-dnsdist/dnsdist.service +++ b/build-scripts/debian-dnsdist/dnsdist.service @@ -4,8 +4,10 @@ Wants=network-online.target After=network-online.target [Service] -# Keep the --supervised and --disable-syslog option when modifying the default options +# Note: when editing the ExecStart command, keep --supervised and --disable-syslog ExecStart=/usr/bin/dnsdist --supervised --disable-syslog -u _dnsdist -g _dnsdist + +Type=notify Restart=on-failure RestartSec=2 TimeoutStopSec=5 diff --git a/build-scripts/debian-dnsdist/rules b/build-scripts/debian-dnsdist/rules index 3c8f11ce34..7bfaa48207 100755 --- a/build-scripts/debian-dnsdist/rules +++ b/build-scripts/debian-dnsdist/rules @@ -9,6 +9,9 @@ include /usr/share/dpkg/default.mk ENABLE_LIBSODIUM := --enable-libsodium LIBSODIUM_DEV := , libsodium-dev + +ENABLE_SYSTEMD := --enable-systemd --with-systemd=/lib/systemd/system +LIBSYSTEMD_DEV := , libsystemd-dev DEBHELPER_WITH_SYSTEMD := --with systemd # $(ID) and $(VERSION_ID) come from the environment, source this from /etc/os-release @@ -16,13 +19,16 @@ ifeq ($(ID), ubuntu) ifeq ($(VERSION_ID), 14.04) # Disable building and depending on libsodium on Ubuntu Trusty ENABLE_LIBSODIUM= + ENABLE_SYSTEMD= + LIBSYSTEMD_DEV= LIBSODIUM_DEV= DEBHELPER_WITH_SYSTEMD= endif endif debian/control: debian/control.in - sed -E "s!@LIBSODIUMDEV@!$(LIBSODIUM_DEV)!" $< > $@ + sed -e "s!@LIBSODIUMDEV@!$(LIBSODIUM_DEV)!" \ + -e "s!@LIBSYSTEMDDEV@!$(LIBSYSTEMD_DEV)!" $< > $@ %: dh $@ \ @@ -40,6 +46,7 @@ override_dh_auto_configure: --infodir=\$${prefix}/share/info \ --libdir='$${prefix}/lib/$(DEB_HOST_MULTIARCH)' \ --libexecdir='$${prefix}/lib' \ + $(ENABLE_SYSTEMD) \ $(ENABLE_LIBSODIUM) override_dh_auto_build-arch: diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md index 624b42f8c9..90c64d05a4 100644 --- a/pdns/README-dnsdist.md +++ b/pdns/README-dnsdist.md @@ -14,6 +14,10 @@ Compiling compiler (g++ 4.8 or higher, clang 3.5 or higher). It can optionally use libsodium for encrypted communications with its client. +Should `dnsdist` be run on a system with systemd, it is highly recommended to have +the systemd header files (`libsystemd-dev` on debian and `systemd-devel` on CentOS) +installed to have `dnsdist` support systemd-notify. + To compile on CentOS 6 / RHEL6, use this script to install a working compiler: ``` diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index 0ab42a439a..42aaab4691 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc @@ -9,6 +9,10 @@ #include "lock.hh" #include +#ifdef HAVE_SYSTEMD +#include +#endif + using std::thread; static vector>* g_launchWork; @@ -497,7 +501,12 @@ vector> setupLua(bool client, const std::string& confi g_outputBuffer+=s+"\n"; }); - g_lua.writeFunction("shutdown", []() { _exit(0);} ); + g_lua.writeFunction("shutdown", []() { +#ifdef HAVE_SYSTEMD + sd_notify(0, "STOPPING=1"); +#endif + _exit(0); + } ); g_lua.writeFunction("addDomainBlock", [](const std::string& domain) { diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index d658cb630d..c301c7fa0b 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -42,6 +42,10 @@ #include #include "dnsdist-cache.hh" +#ifdef HAVE_SYSTEMD +#include +#endif + /* Known sins: Receiver is currently single threaded @@ -1475,6 +1479,7 @@ try break; } } + argc-=optind; argv+=optind; for(auto p = argv; *p; ++p) { @@ -1724,6 +1729,9 @@ try thread healththread(healthChecksThread); if(g_cmdLine.beDaemon || g_cmdLine.beSupervised) { +#ifdef HAVE_SYSTEMD + sd_notify(0, "READY=1"); +#endif healththread.join(); } else { diff --git a/pdns/dnsdistdist/.gitignore b/pdns/dnsdistdist/.gitignore index 7c3177d2c5..6a62959c6e 100644 --- a/pdns/dnsdistdist/.gitignore +++ b/pdns/dnsdistdist/.gitignore @@ -31,3 +31,4 @@ /dnsdist /dnsmessage.pb.cc /dnsmessage.pb.h +/dnsdist.service diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am index 3af60a85ad..9d96068f38 100644 --- a/pdns/dnsdistdist/Makefile.am +++ b/pdns/dnsdistdist/Makefile.am @@ -1,4 +1,4 @@ -AM_CPPFLAGS += $(LUA_CFLAGS) $(LIBEDIT_CFLAGS) $(YAHTTP_CFLAGS) $(SANITIZER_FLAGS) -DSYSCONFDIR=\"${sysconfdir}\" +AM_CPPFLAGS += $(SYSTEMD_CFLAGS) $(LUA_CFLAGS) $(LIBEDIT_CFLAGS) $(YAHTTP_CFLAGS) $(SANITIZER_FLAGS) -DSYSCONFDIR=\"${sysconfdir}\" ACLOCAL_AMFLAGS = -I m4 @@ -39,7 +39,8 @@ EXTRA_DIST=dnslabeltext.rl \ build-aux/gen-version \ ext/incbin/UNLICENSE \ incfiles \ - src_js + src_js \ + dnsdist.service.in bin_PROGRAMS = dnsdist @@ -100,7 +101,8 @@ dnsdist_LDADD = \ $(RT_LIBS) \ $(YAHTTP_LIBS) \ $(LIBSODIUM_LIBS) \ - $(SANITIZER_FLAGS) + $(SANITIZER_FLAGS) \ + $(SYSTEMD_LIBS) if HAVE_RE2 dnsdist_LDADD += $(RE2_LIBS) @@ -178,3 +180,13 @@ $(MANPAGES): exit 1 endif endif + +if HAVE_SYSTEMD +dnsdist.service: dnsdist.service.in + $(AM_V_GEN)sed -e 's![@]bindir[@]!$(bindir)!' < $< > $@ + +systemdsystemunitdir = $(SYSTEMD_DIR) + +systemdsystemunit_DATA = \ + dnsdist.service +endif diff --git a/pdns/dnsdistdist/configure.ac b/pdns/dnsdistdist/configure.ac index ed896fb432..1f5d0c89fd 100644 --- a/pdns/dnsdistdist/configure.ac +++ b/pdns/dnsdistdist/configure.ac @@ -19,6 +19,9 @@ PDNS_CHECK_RE2 DNSDIST_ENABLE_DNSCRYPT PDNS_WITH_PROTOBUF +AX_AVAILABLE_SYSTEMD +AM_CONDITIONAL([HAVE_SYSTEMD], [ test x"$systemd" = "xy" ]) + AC_SUBST([YAHTTP_CFLAGS], ['-I$(top_srcdir)/ext/yahttp']) AC_SUBST([YAHTTP_LIBS], ['$(top_builddir)/ext/yahttp/yahttp/libyahttp.la']) diff --git a/pdns/dnsdistdist/contrib/dnsdist.service b/pdns/dnsdistdist/contrib/dnsdist.service index 11067dfc8a..43bc1d58c1 100644 --- a/pdns/dnsdistdist/contrib/dnsdist.service +++ b/pdns/dnsdistdist/contrib/dnsdist.service @@ -3,7 +3,7 @@ Description=dnsdist After=network.target [Service] -# Keep the --supervised option when changing the default options +Type=notify ExecStart=/usr/bin/dnsdist --supervised [Install] diff --git a/pdns/dnsdistdist/dnsdist.service.in b/pdns/dnsdistdist/dnsdist.service.in new file mode 100644 index 0000000000..e028c178b4 --- /dev/null +++ b/pdns/dnsdistdist/dnsdist.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=DNS Loadbalancer +Wants=network-online.target +After=network-online.target + +[Service] +# Note: when editing the ExecStart command, keep --supervised and --disable-syslog +ExecStart=@bindir@/dnsdist --supervised --disable-syslog + +Type=notify +Restart=on-failure +RestartSec=2 +TimeoutStopSec=5 +StartLimitInterval=0 +PrivateTmp=true +PrivateDevices=true +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID +NoNewPrivileges=true +ProtectSystem=full +ProtectHome=true +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 + +[Install] +WantedBy=multi-user.target diff --git a/pdns/dnsdistdist/m4/systemd.m4 b/pdns/dnsdistdist/m4/systemd.m4 index 182a56ae3c..0256f473c9 100644 --- a/pdns/dnsdistdist/m4/systemd.m4 +++ b/pdns/dnsdistdist/m4/systemd.m4 @@ -1,6 +1,7 @@ # systemd.m4 - Macros to check for and enable systemd -*- Autoconf -*- # # Copyright (C) 2014 Luis R. Rodriguez +# Copyright (C) 2016 Pieter Lexis # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,6 +17,8 @@ # along with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +#serial 2 + dnl Some optional path options AC_DEFUN([AX_SYSTEMD_OPTIONS], [ AC_ARG_WITH(systemd, [ --with-systemd set directory for systemd service files], @@ -39,13 +42,13 @@ AC_DEFUN([AX_ALLOW_SYSTEMD_OPTS], [ AC_DEFUN([AX_CHECK_SYSTEMD_LIBS], [ AC_CHECK_HEADER([systemd/sd-daemon.h], [ - AC_CHECK_LIB([systemd-daemon], [sd_listen_fds], [libsystemddaemon="y"]) + AC_CHECK_LIB([systemd], [sd_listen_fds], [libsystemd="y"]) ]) - AS_IF([test "x$libsystemddaemon" = x], [ - AC_MSG_ERROR([Unable to find a suitable libsystemd-daemon library]) + AS_IF([test "x$libsystemd" = x], [ + AC_MSG_ERROR([Unable to find a suitable libsystemd library]) ]) - PKG_CHECK_MODULES([SYSTEMD], [libsystemd-daemon]) + PKG_CHECK_MODULES([SYSTEMD], [libsystemd]) dnl pkg-config older than 0.24 does not set these for dnl PKG_CHECK_MODULES() worth also noting is that as of version 208 dnl of systemd pkg-config --cflags currently yields no extra flags yet. @@ -95,7 +98,7 @@ AC_DEFUN([AX_CHECK_SYSTEMD], [ AC_DEFUN([AX_CHECK_SYSTEMD_ENABLE_AVAILABLE], [ AC_CHECK_HEADER([systemd/sd-daemon.h], [ - AC_CHECK_LIB([systemd-daemon], [sd_listen_fds], [systemd="y"]) + AC_CHECK_LIB([systemd], [sd_listen_fds], [systemd="y"]) ]) ]) -- 2.47.2